AWSCloudWatch

AWSCloudWatch Schema #

Table description #

TableSection	TableType	TableSectionName	Description
Usx	Regular	Microsoft Sentinel	The CloudWatch Logs provide performance and billing data from the AWS CloudWatch service which helps the user better understand and operate the AWS system and application.

Table retention #

HotDays	ColdDays	TotalInteractiveDays
14	16	30

Schema #

Name	Description	Type
_BilledSize		Double
_IsBillable		String
ExtractedTime	The timestamp (UTC) of when the event was generated.	DateTime
Message	The data contained within logs from CloudWatch.	String
SourceSystem		String
TenantId	Unique identifier of the tenant into which the data connector ingests data.	String
TimeGenerated	The timestamp (UTC) when the event was generated and equals to ‘ExtractedTime’ when included in message. If timestamp is missing, it’s set to the ingestion time.	DateTime
Type	The name of the table	String

Schema changes #

Date	Action
2024-10-18	Table added to tracking